Proxy authentication network

Abstract

A Proxy Authentication Network includes a server that stores credentials for subscribers, along with combinations of devices and locations from which individual subscribers want to be authenticated. Data is stored in storage: the storage can be selected by the subscriber. The data stored in the storage, which can be personally identifiable information, can be stored in an encrypted form. The key used to encrypt such data can be divided between the storage and server. In addition, third parties can store portions of the encrypting key. Subscribers can be authenticated using their credentials from recognized device / location combinations; out-of-band authentication supports authenticating subscribers from other locations. Once authenticated, a party can request that the encrypted data be released. The portions of the key are then assembled at the storage. The storage then decrypts the data, generates a new key, and re-encrypts the data for transmission to the requester.

Description

RELATED APPLICATION DATA[0001]This application claims the benefit of U.S. Provisional Patent Application Ser. No. 60 / 690,548, filed Jun. 13, 2005, which is incorporated herein by reference.FIELD OF THE INVENTION[0002]This invention pertains to identity verification, and more particularly to the controlled release of identity information.BACKGROUND OF THE INVENTION[0003]In communications networks today, the devices that are used by persons or through which users are authenticated to a network are themselves in some way authenticated to a network. For example, in a typical Microsoft Active Directory-based network (or other network that employs a directory) a computer attached to the network receives a software-based token stored on the device, and is joined (i.e., authenticated) to the network. Then, when a user needs access to either the computer or resources on the network, the authenticates with a username or password that is compared to what is stored in the directory. In many bus...

AI Technical Summary

Benefits of technology

"The invention is a system and method for performing a transaction where subscribers register with the system and are provided with credentials. These subscribers can be authenticated using their credentials. The system can provide a receipt to the subscribers, which identifies them without providing any personally identifying information. Additionally, the invention allows for the release of data that is encrypted using a key. This key is divided among multiple participants. When the data needs to be released, the key is assembled from the various parts and the data is decrypted. The data can also be re-encrypted using another key for transmission to a requester of the data, to protect the data."

Problems solved by technology

But in more secure environments, this approach to authentication has not proven secure enough.

But these systems have proven expensive to deploy, difficult and costly to maintain, lack scalability for every user on the Internet, and are too complicated for the typical end user.

Another drawback to these systems is the processing overhead.

In his book, Applied Cryptography, Second Edition, John Wiley & Sons, New York, 1996, Bruce Schneier states: “Public-key algorithms are slow.

This fact introduces limitations to widespread use of small or low processing powered devices such as cell phones, personal digital assistants (PDAs) or 802.1 x wireless devices.

Certificates employ public key cryptography and typically expire, making them a recurring maintenance cost.

Presently, many companies compete in this space and there is no available scalable and affordable method to distribute certificates to every user on the Internet.

Many companies may have more than one certificate from more than one Certificate Authority, making this methodology cumbersome and inadequate.

But none of these methods accurately identify the user of the device connected to the network.

Again, as above, the device or network does not necessarily authenticate the user.

Thus, manually configured shared secrets are useless as a standard, as every website would have to share a secret with its users.

A more descriptive information about Ipv6 key management protocols can be found” attached as Appendix B. The lack of a standard has prevented widespread use and adoption of Ipv6.

Since payment instruments can be forged or stolen, without an in person interview there is no way to positively identify the applicant.

The process to obtain the certificate is subject to computer fraud.

An additional problem posed by most systems in use today is there is no positive way to identify the user of a device.

However, in this example, there is no positive way to identify the user of the device.

The device typically has a way to lock the keypad with a code only known to the user to prevent unauthorized use; but to date, there is no positive way to identify the user.

But in the case of a cell phone, these inventions have proven to be cumbersome, expensive, defeatable, or for other reasons not implemented.

As above, there is no positive way to guarantee the user's identity.

But since most of these networks rely on the use of a token, such as a credit card, that can be passed to another user or stolen, once again there does not exist a method to verify the authenticity of the user of the token.

But biometric devices have seen slow adoption for a variety of reasons that are primarily behavioral in nature (fear of germs, etc.), not to mention that the reasonably priced models can be readily defeated.

Identity theft is another problem area resulting from software intrusion that captures an end user's keyboard input and can capture screen shots of the user's personal computers allowing them to pose as the identity.

Today, there is no simple, reliable way to communicate to the unsophisticated user that they have accessed an application that does not belong to the entity they believe it to be.

Images